
API - get alerts for a process group third-party vul

Sami
Frequent Guest

Hi,

In an effort to pull the alerts for a process including the environmental specific factors (exposed, first seen for this process, data ) we have to do the following:

  1. Pull all the alerts with the query parameter affectedPgNameContains using "GET all problems"

  2. iterate over all the results to get the specifics for a process - using multiple other calls to "GET problem events"

A process that is not practical to scale!!

Is there a single API call that returns the alerts for a specific process?

Ex. Get security alerts for affectedPgNameContains='something '

Thanks,

Sami

AurelienGravier
Advisor

Hello @Sami,

I recommend checking the Dynatrace Api explorer "Environment API V2" in the endpoint "/securityProblems".

You could use the parameter "securityProblemSelector" to filter on the entity of your choice (screenshot of the API explorer request omitted).

Curl command generated:

curl -X GET "https://{environmentid}.live.dynatrace.com/api/v2/securityProblems?securityProblemSelector=affectedPgNameContains%28%22something%22%29&from=-3d" -H "accept: application/json; charset=utf-8"

Regards, Aurélien.

Observability consultant - Dynatrace Associate/Pro/Services certified

AurelienGravier
Advisor

The Dynatrace API Explorer is accessible here for SaaS environments:

https://{environmentid}.live.dynatrace.com/rest-api-doc/index.jsp

Observability consultant - Dynatrace Associate/Pro/Services certified

Sami
Frequent Guest

Hi Aurélien,

Unfortunately this is not what I am hoping for.

For this endpoint:

input: process group name 

output: all security alerts where this process is affected (no specifics if the process is exposed or the first detected timestamp for this process)

What I am looking for:

input: process group name 

output: list of security problems and the specifics for this process (exposure, when each security alert was first detected for this process, )

error: if the process searched for is not running or never ran return an error accordingly


AurelienGravier
Advisor

Hi @Sami,

Have you tried adding additional fields like +riskAssessment,+codeLevelVulnerabilityDetails? (screenshot of the API explorer request omitted)

curl -X GET "https://{environmentid}.live.dynatrace.com/api/v2/securityProblems?securityProblemSelector=affectedP..." -H "accept: application/json; charset=utf-8"

If you don't get the information you expect with these additional fields, you will need to iterate over GET problem events with each Problem ID.

Regards

Observability consultant - Dynatrace Associate/Pro/Services certified
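An added example, not code from the thread or from Dynatrace, that wires the two pieces discussed above into one script: the percent-encoded securityProblemSelector with extra fields, followed by paging through the /api/v2/securityProblems list. It assumes the Api-Token authorization header, paging by nextPageKey, and the response field names; the environment id, process group name and the two sample pages are constructed.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

BASE = "https://{env}.live.dynatrace.com/api/v2/securityProblems"

def security_problems_url(env, pg_name, fields="+riskAssessment", window="-3d"):
    # Same query the API explorer's curl sends; urlencode turns ( " ) and + into %28 %22 %29 %2B.
    selector = f'affectedPgNameContains("{pg_name}")'
    query = urlencode({"securityProblemSelector": selector, "fields": fields, "from": window})
    return f"{BASE.format(env=env)}?{query}"

def http_fetch(url, token):
    # Live fetch: Api-Token auth (assumed) plus the accept header from the thread.
    req = Request(url, headers={"Authorization": f"Api-Token {token}",
                                "accept": "application/json; charset=utf-8"})
    with urlopen(req) as resp:
        return json.load(resp)

def collect_problems(first_url, fetch):
    # Follow nextPageKey until exhausted; later pages carry only the key (assumed v2 paging convention).
    base, url, problems = first_url.split("?", 1)[0], first_url, []
    while url:
        page = fetch(url)
        problems.extend(page.get("securityProblems", []))
        key = page.get("nextPageKey")
        url = f"{base}?{urlencode({'nextPageKey': key})}" if key else None
    return problems

def summarise(problems):
    # Flatten what the list endpoint returns; riskAssessment is problem-wide, not per process group.
    return [{"displayId": p.get("displayId"), "title": p.get("title"),
             "riskLevel": p.get("riskAssessment", {}).get("riskLevel"),
             "exposure": p.get("riskAssessment", {}).get("exposure"),
             "firstSeen": p.get("firstSeenTimestamp")} for p in problems]

# Constructed sample pages; field names are assumed from the v2 response shape.
FIRST = security_problems_url("abc12345", "my-service")
PAGES = {
    FIRST: {"totalCount": 2, "nextPageKey": "AQAfake", "securityProblems": [
        {"displayId": "S-1", "title": "Remote Code Execution", "firstSeenTimestamp": 1671000000000,
         "riskAssessment": {"riskLevel": "CRITICAL", "exposure": "PUBLIC_NETWORK"}}]},
    f"{BASE.format(env='abc12345')}?nextPageKey=AQAfake": {"totalCount": 2, "securityProblems": [
        {"displayId": "S-2", "title": "Denial of Service", "firstSeenTimestamp": 1671100000000,
         "riskAssessment": {"riskLevel": "MEDIUM", "exposure": "NOT_DETECTED"}}]}}

def demo():
    # Offline run against PAGES; pass lambda u: http_fetch(u, token) for a live environment.
    return summarise(collect_problems(FIRST, PAGES.__getitem__))
```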

Sami
Frequent Guest

Hi @AurelienGravier,

Unfortunately this does not help: code analysis is not of concern, and riskAssessment is "a risk assessment of the security problem", not specific to the process.

The only workaround is the iteration, but it is very API-call intensive to use for automation; we need a new endpoint that directly provides the result.

+ @susanst00 

Regards,

susanst00
Dynatrace Enthusiast

@Sami - As mentioned below, I don't think this is possible today, but I've created a product idea on your behalf.

-susan

Much appreciated @susanst00 you rock 🚀

AurelienGravier
Advisor

OK I understand.
Personally, I often easily iterate over a lot of entities on more than 1500 hosts with Ansible jobs for a client environment, to automatically switch hosts from full-stack monitoring to infra-only based on the process group technologies detected on the hosts. And it works like a charm.

Regards.

Observability consultant - Dynatrace Associate/Pro/Services certified

Sami
Frequent Guest

Could you please help suggest this as a product idea?

AurelienGravier
Advisor

Sure, you can submit it yourself here: https://community.dynatrace.com/t5/forums/postpage/board-id/DynatraceProductIdeas

Observability consultant - Dynatrace Associate/Pro/Services certified